14 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-46446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a...
ROS-20241216-07
A vulnerability in the asynchronous client and server implementation of the SSHv2 protocol on top of Python python-asyncssh is related to a lack of data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely, to control a remote SSH client session by injecting ...
USN-7108-2: AsyncSSH vulnerabilities
USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : AsyncSSH vulnerabilities (USN-7108-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7108-1 advisory. Fabian Bumer, Marcus Brinkmann, and Jrg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An...
Fedora 39 : python-asyncssh (2023-d2956318e4)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d2956318e4 advisory. Security fix for CVE-2023-46446 and CVE-2023-46445 Tenable has extracted the preceding description block directly from the Fedora security advisory...
SUSE CVE-2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
DEBIAN-CVE-2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
PYSEC-2023-239
An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation...
UBUNTU-CVE-2023-46446
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
PYSEC-2023-239
An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation...
Design/Logic Flaw
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...
AsyncSSH Security Vulnerability
AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A security vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to take...
CVE-2023-46446
CVE-2023-46446 is confirmed in IBM Storage Ceph (Python AsyncSSH) as a Rogue Session Attack affecting AsyncSSH prior to 2.14.1. IBM’s bulletin ties CVE-2023-46446 to IBM Storage Ceph versions 6.0, 6.1z0-z9, 7.0z0-z1, 7.1z0-z3, and 8.0z0-z3, with the remediation to upgrade to 7.0z2. The advisory n...
AsyncSSH Rogue Session Attack
Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...